Instant messaging,


OTRv4 summit!

Off-the-Record messaging protocol summit (OTRv4 summit 2019)

Co-located with the 19th Privacy Enhancing Technologies Symposium

July 15, 2019 – Royal Institute of Technology (KTH), Stockholm, Sweden

General information: PETS2019 website

The OTRv4 team is organizing a summit around the work done in the field of secure messaging, deniability and privacy on July 15 on the morning (that is, the day before the start of PETS 2019).

What is the OTRv4 summit?

The OTRv4 summit will feature a mix of a discussions, short talks and presentations which aim to highlight the importance of privacy, security and deniability in a secure messaging setting to researchers, students, activists and developers.

OTRv4 summit program

The workshop will start at 9 am and end at 12.05 pm.

All sessions will take place in Q34 room at KTH.

  • 9:00 - 9:10: Welcome! by Sofía Celi
  • 9:10 - 10:00: Introduction to secure messaging and OTRv4 by Sofía Celi
  • 10:05 - 10:50: Secure messaging, Wire and MLS by Raphael Robert
  • 10:55 - 11:30: Remote attestation and deniability: challenges and opportunities by Lachlan Gunn
  • 11:35 - 12:00: Why is secure messaging and deniability important: the case of Ola Bini by Sofía Celi


The new version of OTR is coming! We welcome all review on the OTRv4 specification. Please submit any issues on the github repository or discuss them on the otr-dev mailing list or the otr irc channel. Thank you!


OTR, which stands for Off-the-Record messaging is a cryptographic protocol that provides strong encryption for instant messaging conversations. Originally designed by, among others, Ian Goldberg.

Get to know the OTR protocol »


Help us improve OTR software by filing bugs, triaging bugs or submit patches to solve issues.

Contribute to the bugtracker »

Reaching developers

Many of the OTR enthusiasts and developers idle on the #OTR channel on the OFTC IRC network. Feel free to join, lurk or discuss..

IRC webchat »

Dev Mailinglist

If you are interested in contributing to OTR development or have questions regarding using OTR libraries in your software you should reach out to the OTR-dev mailinglist.

Development mailinglist »

User mailinglist

OTR has numerous users from all kinds of backgrounds, next to it being used by several hundred-thousands throughout the the world. Signup to the user mailinglist to help us improve documentation.

User mailinglist »

Announce mailinglist

If you're interested in being notified when new releases are put out or want to follow the latest news. Please subscribe to the otr-announce mailinglist!.

Announce mailinglist »

OTR's features

Encryption - No one else can read your instant messages over a network.

Authentication - You are assured the correspondent is who you think it is.

Deniability - The messages you send do not have digital signatures that are verifiable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he or she sees are authentic and unmodified.

Forward Secrecy - If you lose control of your private keys, no previous conversation is compromised.

What's the difference between PGP and OTR?

OTR - Off the Record

OTR is designed for instant messaging. It initiates a key-exchange between two peers when they are both online. Forward secrecy ensures that, if one of the peers loses control of the long-lived cryptographic keys, no previous conversations can be compromised.

OTR encrypted messages don't contain digital signatures. After a conversation is over, anyone could forge messages which appear to originate from one of the participants of the conversation. Which means that you can't prove the authenticity of the message. However, there is no precedence in any real-life court case with this scenario.

OTR implements among others the authentication through the socialist millionaire protocol. This means that, peers can verify each others' identity through the use of a shared secret avoiding a man-in-the-middle attack. Furthermore, users get around the inconvenience of manually comparing each others fingerprints through e.g, an outbound channel over the internet.
One can also verify the identity of a peer through comparing fingerprints.

PGP - Pretty Good Privacy

PGP, which stands for "Pretty Good Privacy" was designed for encrypting, decrypting and signing e-mail and data like, texts, files, whole disk partitions.

By using PGP for e-mail to exchange messages, at least two or more peers each have an keypair. Now, if you want to verify the key, you can't make use of a protocol as like with OTR. It can only be done by verifying the fingerprint of the peer you want to communicate with, preferrably over a secure channel.

It also comes with digital signatures which are used for message authentication and integrity checking. The latter is only used to see whether the message has been tampered with and if the sender was the real sender. With PGP you can't deny to ever have received the message like you can with OTR.